Protection of and Access to Information
Employees shall adhere to all measures taken by Sneha Advisory Services to protect its information
Employees are given personal access credentials. Personal access credentials include at least a user-ID and password and may include additional credentials such as an access badge, token and smartcards. These credentials may not be shared with others, including colleagues, friends and family. Employees are assigned access rights based on requirements associated with their roles in the organization.
All non-personal information must be accessible by a superior and anyone requiring access to the information in line with their job responsibilities. Employees are strongly encouraged to set a proxy access to their email box for their backup and their direct superior. Automatic forwarding of business email to a non-business email address is not allowed. Manual forwarding of emails to the employee’s non-business email address is only allowed if approved by local management. Access to email on remote or mobile devices is only permitted if the device on which the email is to be received is configured by Sneha Advisory Services IT in accordance with the security policies.
Internet may only be accessed through Sneha Advisory Services approved secure configurations when accessing via Sneha Advisory Services’s network or on Sneha Advisory Services IT assets. Employees are not permitted to circumvent these secure configurations, even if technically feasible.
Sneha Advisory Services assets must be used with care and responsibly
Sneha Advisory Services assets can be physical or intangible. It may include buildings, equipment, software, data, know how, designs, logo, trade names and trade secrets.
All Sneha Advisory Services’s assets should be protected from misuse, theft, loss, damage or infringement. Any use of these assets other than for Sneha Advisory Services’s business (e.g. personal use, community or charitable endeavours) should be avoided and requires the express authorisation by local management.
The use of Sneha Advisory Services’s assets for personal gain or illegal purposes is prohibited.
Employees must always use the correct headed paper, forms, brochures, etc. Headed paper and forms, bearing the logo of Sneha Advisory Services or one if its subsidiaries, are to be used solely for business purposes and may not be handed out blank to clients or third parties.
Events and presentations in the name of Sneha Advisory Services and the use of its logo are permitted only for business purposes. Group Marketing and Communications should be involved in the use of the logo or other marketing material.
Employees must only use Sneha Advisory Services owned or controlled IT assets and may not modify the assets (e.g. by installing software) without consent or assistance of Sneha Advisory Services Technology. Copying or distribution of licenses owned or assigned to Sneha Advisory Services is only allowed with written consent of Sneha Advisory Services Technology.
Any information that is unclassified or classified other than Public and needs to be stored on an IT asset must be secured according to security specifications described in Sneha Advisory Services’s Information Security Policy. Theft or loss (including prolonged misplacements) of devices that potentially contain Sneha Advisory Services owned or managed information must be reported promptly to Sneha Advisory Services Technology.